[Openswan Users] Routing problem with NETKEY
Jani Joki
demi at futuremark.com
Tue Aug 8 11:40:36 EDT 2006
Quoting Andy Gay (andy at andynet.net):
> So change that INPUT to PREROUTING
>
> > iptables -A INPUT -p 50 -j ACCEPT
> > iptables -A INPUT -p 51 -j ACCEPT
> > iptables -A INPUT -p 4 -j ACCEPT
>
> Add a LOG rule here so you can see what's getting dropped. Didn't I
> suggest that already?
Adding the LOG actually did solve the problem, though probably not quite
how you intended :).
I set up syslog to capture kern.* to a different file and was watching
it for the logged packets - during which I noticed that every time
traffic coming in from the tunnel was received, I got an entry such
as this one:
Aug 8 16:09:36 firewall kernel: audit(1155042576.624:11049): avc: denied { sendto recvfrom } for scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
And surely enough, as soon as I disabled SELinux the tunnel started working
perfectly.
Thanks to everyone for their help. :)
--
Jani Joki Senior Technical Manager Futuremark Corporation
jani.joki at futuremark.com +358 20 759 8264 www.futuremark.com
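A small parser for kernel AVC lines like the one quoted above, added here as an example and not code from anyone in the thread: it pulls the fields out of each denial and flags the tclass=association ones, which are the denials that silently drop IPsec tunnel traffic under SELinux (the same fields audit2allow reads when building a policy module). The log lines are constructed; the first copies the denial from the mail, the other two are made up for contrast.

```python
import re

# Constructed sample of kern.* output: an IPsec association denial (copied
# from the mail), an unrelated file denial, and a plain iptables LOG line.
SAMPLE_LOG = """\
Aug 8 16:09:36 firewall kernel: audit(1155042576.624:11049): avc: denied { sendto recvfrom } for scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=association
Aug 8 16:09:40 firewall kernel: audit(1155042580.100:11050): avc: denied { read } for pid=1234 comm="pluto" name="ipsec.secrets" scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file
Aug 8 16:09:41 firewall kernel: IN=eth0 OUT= SRC=10.0.0.2 DST=10.0.0.1 PROTO=ESP
"""

# audit(<seconds>.<ms>:<serial>): avc: denied { perm perm } for key=val ...
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc: +denied +"
    r"\{ (?P<perms>[^}]*)\} +for (?P<rest>.*)$"
)
# key=value pairs after "for"; values may be quoted (comm="pluto") or bare.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "serial": m.group("serial"),
           "perms": m.group("perms").split()}
    for key, val in FIELD_RE.findall(m.group("rest")):
        rec[key] = val.strip('"')
    return rec


def is_ipsec_association_denial(rec):
    """True when SELinux refused to let a packet use a security association.

    tclass=association with sendto/recvfrom is the labeled-IPsec check; a
    denial here drops tunnel traffic before any iptables rule sees it.
    """
    return rec.get("tclass") == "association" and bool(
        {"sendto", "recvfrom"} & set(rec["perms"]))


def find_ipsec_denials(log_text):
    """Scan a kern.* capture and return the association denials found."""
    return [rec for rec in map(parse_avc, log_text.splitlines())
            if rec and is_ipsec_association_denial(rec)]


if __name__ == "__main__":
    for rec in find_ipsec_denials(SAMPLE_LOG):
        print(rec["serial"], rec["scontext"], "->", rec["tcontext"], rec["perms"])
```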